-1

I want to know to create bot and send message on Telegram, and send command for example /commandPi sudo apt-get update ... You need yo configure the bot with info and create a token but i dont know how to program it. You need to modify the "bot archive" or something with Python? Ty

Chuflitas
  • 105
  • 1
  • 11

1 Answers1

1

NOTE: It is not a good idea to allow direct access to command line through a web interface. Someone could potentially send malicious commands for your bot to execute on your Raspberry Pi and gain control over it!

What I describe can be found at (and many other howto manuals): https://www.hackster.io/Salmanfarisvp/telegram-bot-with-raspberry-pi-f373da

Create a new bot by sending a request to BotFather:

/newbot

and follow the instructions given by BotFather.

Install git and python if you don't have it on your RPi.

Download an existing bot python script to modify (like suggested in the article I linked):

git clone https://github.com/salmanfarisvp/TelegramBot.git

or create your own.

Edit the telegrambot.py file and change the line

bot = telepot.Bot('Bot Token')

To contain your token instead of Bot Token

Finally change the lines (or add new ones):

if command == 'on':
elif command =='off':

to match whatever command you would like to send. Since you want to write more than just a one word command may be have a look at startswith:

if command.startswith('commandPi'):

and extract the rest of the arguments to pass to your command line

arguments = command[8:]

and call apt-get for example by using subprocess as described in https://stackoverflow.com/a/8482033/1619146

from subprocess import STDOUT, check_call
import os
check_call(['apt-get', 'update'],
     stdout=open(os.devnull,'wb'), stderr=STDOUT)

Also check out https://core.telegram.org/bots

Asmund
  • 158
  • 1
  • 5
  • Thank u man! I know about access Direct to command line, u think that i can protect with simple command that when i request the command line on telegram, the bot request me a password to acces to command line... What do u think about that, simple .equals or something but on Python xD – Chuflitas May 03 '18 at 09:01
  • @Chuflitas This could be a way to go, or maybe only allow certain "sub"commands and not arbitrary parameters that get used directly. Check out https://www.owasp.org/index.php/Injection_Prevention_Cheat_Sheet#Operating_System_.28OS.29_Commands and https://www.owasp.org in general for good suggestions on keeping your server safe. The important part is to be aware of it, consider alternatives and mitigate possible attack vectors. – Asmund May 03 '18 at 12:35